M

MalwareT

Guest
#1
Alright guys, so today i'm going to show you how to setup VM for antivirus testing/malware testing or something else,so let's get started.Most of my friends and people asked me how do i setup machine for testing so i'm going to tell in this thread. If there's duplicate of this thread, please staff members delete this thread then, and i hope to be useful for someone.

1).Virtualization software

If you want to test malware or some security product in VM, you will need virtualization software.If you want free,simple,lightweight,i'd recommend you to use Oracle VM VirtualBox.
If you want to use virtualization software with a lot of features like transforming your system to virtual machine etc. then you can choose VMware Workstation.
Even though VMware is paid, they offer free VMware Player, but it doesn't allow to make snapshot of virtual machine. What's snapshot ? Snapshot is image file that contains current machine state when snapshot was taken. Overall, VirtualBox is best option for me, and a lot of folks here's using VirtualBox.

2)Operating system

If you want to test software you will need to have .iso image of Windows˜ operating system. Windows XP,Vista,7 or 8/8.1 - your choice,but i'm using Windows 7. If you're planning to use Windows 8.1 for best performance is recommended to have 2GB for guest. IF you want to download .iso image of Windows operating system, you have download links below. Please note that those ISOs below are original and they're not preactivated or modified by any means.

Windows XP SP3
Windows Vista
Windows 7
Windows 8/8.1

3)Setting up VM

To create virtual machine and also install operating system in it, you can follow steps in videos below:

Windows Vista/7 (same procedure)


Windows 8/8.1


Windows XP


After you're installed operating system, you can proceed to next step.

4)Installing drivers

After you're installed OS in VM, now you must install drivers for best performance and to get widescreen resolution. To install drivers in Virtualbox, click on "Devices" and then "Insert Guest Additions disk image" like in screenshot below:

21L30.png


After that's done, restart your guest. In VMware is similar task (Tools>Install VMware tools).

5)Activation

Before you get started with anything make sure you activated Windows. I'm not going to tell you how to activate it because it's against rules of this forum.

6)Disable Windows Defender

Before you get started with installing software for video reviews, you must disable Windows Defender because it's pretty annoying during tests. To completely disable WD, go to control panel>Windows Defender> and first you have to update it before disabling. After you're updated WD, disable it in services and under administration remove thick from "Use this software", and it will be disabled.

defender05.png


7)Final touches

After you're did all steps, then you need to install following software and do tweaks:

1)Disable all animations to make Windows faster
2)Upgrade IE8 to IE11
3)Install following software:
  1. Malwarebytes Antimalware
  2. Hitman Pro
  3. Emsisoft Emergency Kit
  4. Phrozen VirusTotal Uploader (optional)
  5. HaoZip (has batch rename)
  6. Microsoft .NET Framework 4.5.2
  7. CCleaner/Clean Master
  8. Mozilla Firefox (optional)
  9. Process Explorer/Hacker
  10. AdwCleaner
4)Update all software before creating snapshot
5)Create shared folder and set it to "Read-Only" to prevent malware escape VM
6)Create shortcut on desktop for shared folder
7)Always disconnect shared folder before testing if you didn't set it to read only just for your system safety
8)Pin HaoZip batch remaner,Hitman Pro,Malwarebytes,Process Explorer,Process Hacker,Calculator,AdwCleaner and Clean Master /CCleaner.

8)Make snapshot of VM

After you're done all steps,click on machine>take snapshot, name it and click "OK".In VMware Workstation you have take snapshot button on toolbar.
Click close button at top of VirtualBox and click "Power Off" and put a checkmark to restore snapshot".
For VMware just click on revert snapshot button.

-Miscellanious-

1)How to add shared folder ? Easy.
  • Make sure that you have Guest Additions installed or VMware tools if you have VMware;
  • Create new folder wherever you like and name it for example "VBox Shared" or something :D ;
  • Open you VirtualBox manager and open settings like in picture below:

2015-01-06_104712.png


When you're clicked on settings go to shared folder and do like in picture(s) below:

2015-01-06_104801.png


2015-01-06_104835.png


When you're done make sure that you put a checkmark as on picture above (to avoid malware escaping VM) and disconnecting won't be necessary.

How to open shared folder on guest ?

Easy.Open Computer, you may notice "network location", that's your shared folder presented as network location. You can create shortcut on desktop to make it easier to access. To disconnect just right-click and click disconnect. It should look like this:

2015-01-06_105833.png


2015-01-06_105859.png


I hope that someone found this helpful. If you have any questions feel free to ask ;)
 
Last edited by a moderator:
Joined
Jan 2, 2015
Messages
29
#2
Whooa, this what im looking for
I'm going to test some malware that shared in here, to look how it affecting the system, but I doubt about safety of my VM's config.
I've asking one of member here, but no response :(
Thanks a lot, btw.
 
M

MalwareT

Guest
#3
Whooa, this what im looking for
I'm going to test some malware that shared in here, to look how it affecting the system, but I doubt about safety of my VM's config.
I've asking one of member here, but no response :(
Thanks a lot, btw.
I'm glad to help. Just disable your antivirus on host and set shared folder to read only and your system is safe ;)
 
M

MalwareT

Guest
#5
How to test antivirus:
  1. Always make sure that is up to date;
  2. You should have at least 10 urls and make sure that they're working (test them) - source of urls here.
  3. Do not disable antivirus during extracting because it will make process faster (removal)
  4. Age of files shall be maximum 3 days old - source Virus Exchange.
  5. Always use task manager to show malicious file activity like Process Explorer/Hacker.
 
Likes: AtlBo

frogboy

Level 75
Verified
Joined
Jun 9, 2013
Messages
6,499
Operating System
Windows 10
Antivirus
Emsisoft
#6
Thanks for a great how to on this so far i have always used Shadow Defender for testing i might give this a go as your demo looks easy enough to follow. Cheers. :)
 

Spawn

Administrator
MalwareTips Team
Verified
Joined
Jan 8, 2011
Messages
17,570
Operating System
Windows 10
Antivirus
Windows Defender
#8
3)Install following software:
  1. Malwarebytes Antimalware
  2. Hitman Pro
  3. Emsisoft Emergency Kit
  4. Phrozen VirusTotal Uploader (optional)
  5. HaoZip (has batch rename)
  6. Microsoft .NET Framework 4.5.2
  7. CCleaner/Clean Master
  8. Mozilla Firefox (optional)
  9. Process Explorer/Hacker
  10. AdwCleaner
5)Create shared folder and set it to "Read-Only" to prevent malware escape VM
6)Create shortcut on desktop for shared folder
7)Always disconnect shared folder before testing if you didn't set it to read only just for your system safety
Could you explain the benefits of the programs listed, and why .NET Framework 4.5.2 in particular?

Do you have a 'How-To' step-by-step guide for Sharing Folders, and how to disconnect before testing?
 
M

MalwareT

Guest
#9
Could you explain the benefits of the programs listed, and why .NET Framework 4.5.2 in particular?

Do you have a 'How-To' step-by-step guide for Sharing Folders, and how to disconnect before testing?
Malwarebytes,Hitman Pro and Emsisoft for after executing samples,Haozip for unpacking malware packs,Process Explorer/Hacker for monitoring each process,VT uploader is for more research on some malware. For shared folders i will add tomorrow ;)
 
Likes: AtlBo

Malware1

New Member
Joined
Sep 28, 2011
Messages
6,480
#10
4)Installing drivers

After you're installed OS in VM, now you must install drivers for best performance and to get widescreen resolution. To install drivers in Virtualbox, click on "Devices" and then "Insert Guest Additions disk image" like in screenshot below:



After that's done, restart your guest. In VMware is similar task (Tools>Install VMware tools).
This is the worst thing to do when doing malware testing.
 

jamescv7

Level 61
Verified
Joined
Mar 15, 2011
Messages
12,637
Operating System
Windows 10
Antivirus
Windows Defender
#15
Could you explain the benefits of the programs listed, and why .NET Framework 4.5.2 in particular?
Regarding in Framework, since malware are run under of dependency method in order of the code structures to work. So to avoid any problems it must be installed for such to view of infection rate may happen on such samples taken.
 
Joined
Aug 1, 2017
Messages
20
#17
In the Network Configuration what is better:
NAT or Bridged with the local ip of the VM blocked on the host's firewall?
There aren't other devices connected to the network